Meltdown, Spectre, and Speculative Execution, Oh My!

Official Site for Spectre and Meltdown

meltdown logospectre logo

Modern processors are very complex and, as such, contain some features that make use of advanced techniques to provide users with faster execution times. One of these features utilizes speculative execution, a technique that utilizes additional memory in order to save time in the long run. Since this may not be a well-known concept outside of lower-level programming, here is a small example to provide context. Read more

New Year, New (Cyber) Me

People typically use the dawn of the new year to shed the old habits that have crept up through the year and spawn new, better, and hopefully healthier habits. Do not limit yourself to just physical goals! The new year poses an excellent chance to take a good look at your cyber hygiene and pick one or two things that might give you some additional protection. Here are some tips that might get you started

Read more

COAR and GSS Featured in Chicago Magazine

On Monday, February 27, 2017, Chicago Magazine published an article by Bryan Smith, entitled The Doomsday Squad and featuring three members of Argonne’s Global Security Sciences (GSS) division.  The article highlights the efforts of Charles Macal of the Systems Science Center (SSC), Megan Clifford of the Risk and Infrastructure Science Center (RISC), Nate Evans of RISC’s Cyber Analysis, Operations, and Research (COAR) group, and the teams that each of them leads.

Smith describes the work of these groups as a bold and brave plunge into the realm of potential disaster for the purpose of optimizing the integrity of Chicago’s critical infrastructure: transportation, power, cyber-infrastructure, etc.  Smith writes, “Harnessing Argonne’s massive computing power, they think about precisely what most of us would prefer not to… they imagine the disastrous, envision the catastrophic, and intricately model the apocalypse in its various and horrific guises… building minutely detailed predictive models that show how a given disaster might unfold and, not for nothing, how we might alter the story before the plot turns ugly.” Read more

Cyber-Tabletop Exercises for Sports-Entertainment Venues

Many sports teams of both the professional and collegiate levels perform tabletop exercises to prepare for various, potential emergencies, ranging from severe weather to terrorist attacks.  While such organizations tend to place a heavy emphasis on physical preparedness, there lies an often-underestimated potential for a cyberattack that can detrimentally affect sporting events as well.

Though many sports teams increasingly account for cyber threats, the acknowledgment seems to stop at basic information technology (IT) or information-related hacks.  Sports organizations must begin to realize that cyberattacks can be much more sophisticated once believed, with hackers potentially gaining access to restricted areas, tampering with emergency systems, or even compromising a venue’s visual infrastructure.  Incorporating cyber preparedness into sports organizations’ tabletop exercises is an excellent first step toward increasing cyber resilience in sports entertainment. Read more

Women in Cybersecurity

The Current Trend

Despite intense growth in the field of cybersecurity, women continue to form merely a small minority of the cybersecurity workforce.  The industry currently boasts approximately one million available jobs, and the number is expected to increase to 1.5 million available jobs by 2019.  However, women only hold about one in every 10 positions[1] in the cybersecurity industry, constituting a meager 8-13 percent[2] of cybersecurity professionals overall.  Figure 1 below illustrates a comparison of the amount of women in computer science-related studies versus alternative fields:

 

A number of possible reasons have been suggested for the lack of women in the cybersecurity workforce.  For example, the information-security organization CREST discusses a deficiency in computer-science courses among secondary schools.[3]  Without proper exposure to the field, many women remain unaware of their opportunities.  Similarly, the workforce itself has witnessed a lack of mentorship that encourages women to pursue advancement in cybersecurity.[4]  Instead of encouragement, the National Cybersecurity Institute (NCI) argues that the marketing industry tends to use aggressive, more masculine terminology in relation to cybersecurity, selecting phrases such as “combat cyberthreats” or “fortify digital defenses”.[5]  The entertainment industry also tends to portray men more often than women in mathematical, scientific, or technical television and film roles.3  As a result, women may pursue fields that offer a more welcoming environment. Read more

COAR members attend Grace Hopper

The COAR team’s Jennifer Fowler and Amanda Joyce will be presenting on their poster at Grace Hopper on October 4, 2017 in Orlando, Florida. The Grace Hopper Celebration of Women in Computing is the world’s largest gathering of women technologists. It is produced by the Anita Borg Institute and presented in partnership with ACM.[1]

The poster entitled, “Argonne National Laboratory’s Cyber Defense Competition – Defending Tomorrow’s Infrastructure Today” looks to highlight the gender gap in cyber security and computer science and how Argonne’s Cyber Defense Competition is hoping to help females become more aware of the many different paths of cyber security through a hands-on defense approach. Read more

Amazon S3 Outage Highlights Resilience Issues with Cloud Infrastructure

Amazon S3 suffered a significant outage on Wednesday in its US-East-1 region. This outage affected a number of companies in what seemed to be unpredictable ways.  Yesterday a DNS outage at GoDaddy caused similar effects on availability of what otherwise seems like an unrelated set of Internet sites.  We saw similar outages last year as a result of configuration problems at Level 3 and DDoS attacks from the Mirai botnet.  All of these outages point to significant resilience issues incurred with cloud and managed hosting services.  These resilience issues should be approached as part of risk management planning, but as our recent study in Ashburn VA highlighted, shared vocabulary for these types of informed risk decisions between customers and data center and network providers is often not adequate.

Read more

Improving Resilience When We Don’t Have Steady State

Nate Evans and Mike Thompson from the COAR team recently spent some time at the African Institute for Mathematics and Science (AIMS) teaching computer networking and cyber security to a cohort of 40 students.  During our time at AIMS, we encountered many situations that made us think about how our research in resilience applies in a place like Senegal where we can’t make any assumptions about steady state.

Read more

Argonne’s Cyber Defense Competition Provides a Unique Spin on the Traditional Competition Space

Argonne National Laboratory’s Cyber Defense Competition

Argonne National Laboratory’s Cyber Operations, Analysis and Research (COAR) team partnered with Education is hosting their second Annual Cyber Defense Competition on Saturday, April 1, 2017 at Argonne National Laboratory. This competition seeks college students from varying levels of higher education and regions within the United States to defend a real-world simulation of an energy and water distribution system. Read more